pioneer2.net SSL Cert error

gatesphere

Member
Gender
Male
Guildcard
42054812
Firefox 73.0.1 is complaining that the cert for pioneer2.net is only valid for the subdomains www and ephinea. No biggie, just thought I'd point it out that the bare pioneer2.net domain isn't serving a valid cert.

Having set up the Let's Encrypt certs on my own sites/servers, I know it can be tricky to get everything just right :)
 
It has been like this since I got the certificates and I've never considered this as a problem since the plain HTTP just redirects to ephinea.pioneer2.net

Anyhow, I've made an adjustment so you don't have to worry about it anymore.
 
Hi again,

The wiki (https://wiki.pioneer2.net/index.php?title=Main_Page) is now reporting SSL_INTERNAL_CERT_ERROR for me, on both Firefox desktop and Firefox for iOS. Safari on iOS doesn't have any issues. Connecting to the wiki over HTTP instead of HTTPS works fine in desktop Firefox, but not Firefox iOS.

As a unix sysadmin myself, I have a knack for finding these things -- it drives my coworkers nuts. Sorry to keep bugging you! Feel free to ignore me :)
 
You didn’t really find anything.

The Wiki has never had an SSL certificate on it. Even the link on the home page is regular HTTP.

We’ll get around to adding a cert sometime, but we have always known it to not be using HTTPS.
 
Well, for whatever reason, Firefox on both iOS and Desktop (as of v 74.0) now assume that the wiki does have a cert, and refuse to connect to it over plain http. It used to work on Firefox 73.1 for desktop.

I've replicated this result across Windows 10 and Arch Linux, across 4 different machines. And on iOS Firefox.

Mozilla is getting a bit heavy handed with their policies.

EDIT: Additionally, Chrome exhibits similar behavior if you've ever connected to pioneer2.net via https -- the browser seems to remember that pioneer2.net has an https version, and won't allow you to browse to the plain http version of the wiki, even if manually typing in the address -- it automatically redirects. Weird behavior.
 
Last edited:
I can confirm this is happening on my end as well.
Removing the S from HTTPS doesn't do anything and forces a redirect to HTTPS on a new Firefox v74 installation. (Tested with no add-ons)

My Firefox that recently updated to v74 that has accessed the website before has no issues.

1. Visited pioneer2.net
2. Clicked "Wiki" button

Mozilla links this page on "Learn more."
https://support.mozilla.org/1/firefox/74.0/WINNT/en-US/connection-not-secure

upload_2020-3-18_13-56-58.png
 
FYI, this is happening because of HSTS. Basically, if you hit pioneer2.net without a subdomain, you will end up requesting https://pioneer2.net which returns the following header:

strict-transport-security: max-age=31536000; includeSubDomains

This header instructs the browser not to trust http for pioneer2.net and any of its subdomains. So the browser is following this instruction by automatically redirecting the http://wiki.pioneer2.net addresses to https ones.

As a workaround, affected users can look up how to delete their browser's HSTS settings. Then bypass the request to https://pioneer2.net by accessing one of the subdomains: www.pioneer2.net or ephinea.pioneer2.net.
 
Back
Top